Why there’s no such thing as ‘it’ll never happen to us’ when it comes to IT security
You might have heard about this in the news. A US Geological Survey employee’s porn habit recently led to a government network being infected with malware – a huge and complex breach that stemmed from a very preventable, human cause. By viewing and downloading material from sites which were known to have malware, the employee in question had used their personal phone and a USB drive to unwittingly infect their work network.
The news is littered with stories like this. From Yahoo to Uber and Equifax, global brands regularly fall foul of cyber-attacks. The average small business could be fooled into believing their own activities aren’t worth a hacker’s efforts. Unfortunately, that’s not true.
'Small businesses aren't a good target'
Small businesses might not handle same sums of money as big enterprise, but they still make an attractive prospect for cyber criminals. That’s for a few reasons:
- SMEs often have a lax approach to cyber security, helped in part by less access to industry-leading technology which bigger businesses can invest in.
- Staff are more likely to use their own devices to access work, with no added security processes.
- Small businesses are often the gateway to bigger corporates – as shown by the phishing attack which exposed millions of Target customers’ credit card data after an air conditioning contractor opened a compromising email.
- Lax SMEs often hold the key to economies of scale. For instance, a few hundred SMEs who haven’t upgraded their operating systems, or access to a thousand users who have ‘password’ as their password adds up to a good payday for a hacker.
Thanks to a relaxed approach to security, many SMEs are also more likely to succumb to unsophisticated attacks. A recent survey found that the top four most common breaches or attacks stemmed from fraudulent emails coaxing staff into revealing passwords or financials, followed by online impersonation, malware and viruses.
It’s not all about blaming small businesses, of course. A huge proportion of all organisations are failing to nail the basics of cyber security. For instance, a third of UK businesses don’t provide guidance to staff on setting secure passwords.
Getting the right advice
The UK Government’s National Cyber Security Centre and Cyber Initiatives campaign provide a wealth of information for small and medium businesses.
As an IT managed service provider and a small business security specialist, we provide our clients with industry-leading anti-virus and anti-spyware software, implementing a range of thorough policies and procedures to help protect businesses from the inside-out.
Contact us to find out how we can keep your business secure and capable.